JoeBucar
New Contributor

Fortigate 60D as Primary DNS

Hello,

 

I have been trying to find a way to set up the Fortigate 60D as the Primary DNS in the NIC card on a PC connected to the router, without success. I want to do this so I only have one place to change the DNS if I have the need.

Thank You,

 

Joe  

JoeBucar

Hello,

Thank you for the response.  I do not see that option for assigning ports in Network --> DNS Servers. 

 

 

Thank You,

 

Joe

Dave_Hall
Honored Contributor

JoeBucar wrote:

Hello,

Thank you for the response.  I do not see that option for assigning ports in Network --> DNS Servers. 

 

Did you first enable the DNS Database option from the "System>Config>Features>" menu?

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

JoeBucar

Hello,

 

Yes I did.

 

Thank You,

 

Joe

JoeBucar
New Contributor

Hello,

 

First I want to thank you guys for your help.  It made me look at things again and closer.  I was able to set the internal interface to use the system DNS successfully.  My problem was that I did not see Internal in the dropdown.

 

Once again Thanks,

 

Joe

 

 

Fullmoon

JoeBucar wrote:

My problem was that I did not see Internal in the dropdown.

Don't be confused if you can't see "Internal" in the drop-down menu; choose the interface "facing your local network". In some Fortigate models you can't see Internal but rather Port1, Port2, Port3 and so on... Hope it helps.

Fortigate Newbie

JoeBucar
New Contributor

Hello,

A question came up that I did not know how to answer. I will have different ISPs on WAN1 and WAN2. Let's say that WAN1 dies and WAN2 becomes active. The question is: how do the devices on the internal ports know that WAN2 is active?

 

Thank You,

 

Joe 

ShrewLWD
Contributor

That's the beauty of failover... they don't have to know. As long as you have either:

- set up wan-link load balancing (in 5.2.x), or
- separate but similar rules between internal and WAN1, and internal and WAN2,
  - static routes out to their respective gateways with different balances (different distances if you want full failover, different priorities if you want a more complex setup like load balancing), and
  - Dead Gateway detect rules,

the Fortinet will fail over seamlessly.

ShrewLWD
Contributor

Back to the original question though...

 

If we set up internal to Forward to System DNS;

1) Will it use port 8888 like the box itself does (if that port option is set)?

2) If the system DNS is set to Fortinet's DNS servers themselves, is Fortinet OK with getting a lot of generic web traffic requests?

 

Our WAN failovers are hitting a snag because we have AD servers behind the boxes, and we have to set up DNS forwarders in this order:

Primary_ISP_DNS1

Secondary_ISP_DNS1

Primary_ISP_DNS2

Secondary_ISP_DNS2

 

Reason being, at many of our sites the ISP does not allow port 53 traffic out of their network (or allow 53 requests into their network from another).  Setting the server to point to the Fortinet, and having those packets leave on port 8888, solves all of that.

 

 

 
